The HEROIC Framework: Encrypted Computation Without Shared Keys

Tsoutsos, Nektarios Georgios; Maniatakos, Michail

doi:10.1109/tcad.2015.2419619

Cited by 42 publications

(20 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The KPU slows down by 10-40% in encrypted running under AES-128 as compared to running unencrypted (measures are from [17]), and with its base clock set at 1 GHz (3 ns cache), it runs like a 433 MHz classic Pentium, 7 so a KPU is quite fast. 8 The KPU's nearest competitor among homomorphic systems is HEROIC [21], which has a stack machine architecture [22]. HEROIC embeds 2048-bit additively homomorphic Paillier encryption [23] in its encrypted working.…”

Section: Homomorphic Systemsmentioning

confidence: 99%

Encrypted computing: Speed, security and provable obfuscation against insiders

Breuer¹,

Bowen

Palomar

et al. 2017

2017 International Carnahan Conference on Security Technology (ICCST)

View full text Add to dashboard Cite

Abstract-Over the past few years we have articulated theory that describes 'encrypted computing', in which data remains in encrypted form while being worked on inside a processor, by virtue of a modified arithmetic. The last two years have seen research and development on a standards-compliant processor that shows that near-conventional speeds are attainable via this approach. Benchmark performance with the US AES-128 flagship encryption and a 1 GHz clock is now equivalent to a 433 MHz classic Pentium, and most block encryptions fit in AES's place. This summary article details how user data is protected by a system based on the processor from being read or interfered with by the computer operator, for those computing paradigms that entail trust in data-oriented computation in remote locations where it may be accessible to powerful and dishonest insiders. We combine: (i) the processor that runs encrypted; (ii) a slightly modified conventional machine code instruction set architecture with which security is achievable; (iii) an 'obfuscating' compiler that takes advantage of its possibilities, forming a three-point system that provably provides cryptographic 'semantic security' for user data against the operator and system insiders.

show abstract

Section: Homomorphic Systemsmentioning

confidence: 99%

Encrypted computing: Speed, security and provable obfuscation against insiders

Breuer¹,

Bowen

Palomar

et al. 2017

2017 International Carnahan Conference on Security Technology (ICCST)

View full text Add to dashboard Cite

show abstract

“…If we continue iterating, we have z 3 ← 2302, bit 3 ← 2302 · (2302·2302) −1 = 2743, G(2743, 4393) 3 = 5163 (using r = 9 for 0), sum 3 ← 3807 · 5163 = 906, y 3 ← 4393 · 4393 = 5483, and x 3 ← 2302 (note that Dec(sum 3 ) = 6, Dec(y 3 ) = 24 and Dec(x 3 ) = 0). 9 At last, z 4 ← 2302, bit 4 ← 2743,…”

Section: Encrypted Multiplication (Top Level Alg 1)mentioning

confidence: 99%

“…Recall that if the result of Leq(·) was F alse, function G would have returned 1812 · 1307 = 2613 instead of 1812 9. Note that, in this simple example, z remains unchanged since the same r values were used in each invocation of Div2.…”

mentioning

confidence: 99%

Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation

Mazonka

Tsoutsos

Maniatakos

2016

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

The rapid expansion and increased popularity of cloud computing comes with no shortage of privacy concerns about outsourcing computation to semi-trusted parties. Leveraging the power of encryption, in this paper we introduce Cryptoleq: an abstract machine based on the concept of One Instruction Set Computer, capable of performing general-purpose computation on encrypted programs. The program operands are protected using the Paillier partially homomorphic cryptosystem, which supports addition on the encrypted domain. Full homomorphism over addition and multiplication, which is necessary for enabling general-purpose computation, is achieved by inventing a heuristically obfuscated software re-encryption module written using Cryptoleq instructions and blended into the executing program. Cryptoleq is heterogeneous, allowing mixing encrypted and unencrypted instruction operands in the same program memory space. Programming with Cryptoleq is facilitated using an enhanced assembly language that allows development of any advanced algorithm on encrypted datasets. In our evaluation, we compare Cryptoleq's performance against a popular fully homomorphic encryption library, and demonstrate correctness using a typical Private Information Retrieval problem.

show abstract

“…In using the Paillier encryption we follow (Tsoutsos and Maniatakos, 2013;Tsoutsos and Maniatakos, 2015), where a 'one instruction' stack machine architecture ('HEROIC') for encrypted computing embedding a 16-bit Paillier encryption is prototyped. In conjunction with a lookup table for the signs (positive/negative) of encrypted data, the Paillier addition is computationally complete (any computable function can be implemented using addition, the table, an encrypted 1, and recursion), and addition, subtraction, and comparison machine code instructions suffice to write software routines for the rest.…”

Section: Overview and Related Workmentioning

confidence: 99%

“…That decodes r2. (Tsoutsos and Maniatakos, 2015) avoids the problem by providing only the x+k operation, for constants k, not x+y (hence not x+x or x−x), so we might declare all two-operand OpenRISC instructions offlimits, leaving only the one-operand ones: x+k and x<k are formally safe because x→x+K is an automorphism that turns y=x+k into y+K=(x+K)+k, and x<k into x+K<k where k =k+K, so there will be 2 32 self-consistent readings x+K, y+K, etc. for any choice of K, for any guess by the operator at a consistent assignment of decrypted values x, y, etc.…”

Section: Securitymentioning

confidence: 99%

A Practical Encrypted Microprocessor

Breuer¹,

Bowen

Palomar

et al. 2016

Proceedings of the 13th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

Abstract:This paper explores a new approach to encrypted microprocessing, potentiating new trade-offs in security versus performance engineering. The coprocessor prototype described runs standard machine code (32-bit OpenRISC v1.1) with encrypted data in registers, on buses, and in memory. The architecture is 'superscalar', executing multiple instructions simultaneously, and is sophisticated enough that it achieves speeds approaching that of contemporary off-the-shelf processor cores. The aim of the design is to protect user data against the operator or owner of the processor, and so-called 'Iago' attacks in general, for those paradigms that require trust in data-heavy computations in remote locations and/or overseen by untrusted operators. A single idea underlies the architecture, its performance and security properties: it is that a modified arithmetic is enough to cause all program execution to be encrypted. The privileged operator, running unencrypted with the standard arithmetic, can see and try their luck at modifying encrypted data, but has no special access to the information in it, as proven here. We test the issues, reporting performance in particular for 64-bit Rijndael and 72-bit Paillier encryptions, the latter running keylessly.

show abstract

The HEROIC Framework: Encrypted Computation Without Shared Keys

Cited by 42 publications

References 30 publications

Encrypted computing: Speed, security and provable obfuscation against insiders

Encrypted computing: Speed, security and provable obfuscation against insiders

Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation

A Practical Encrypted Microprocessor

Contact Info

Product

Resources

About